Identity and access management (IAM) embraces a broad swath of IT practice. This practice is subject to two forces pushing it towards greater prominence: increasing threat actor activity and increasing infrastructure complexity. In response, we see increasing sophistication of the tools used to deal with both.

Web3 technology has unique characteristics that lend it to dealing with IAM. To begin with, Web3 is built upon cryptography, with an unprecedented level of inherent privacy. The validity of the blockchain is predicated on encryption; every piece of on-chain data is by its nature protected to a degree.

Here’s a look at where the worlds of Web3 and IAM intersect and possibilities for the future.

Blockchain basics

The way to look at blockchain applications—at least in an idealized form—is as a universal, distributed datastore.

This datastore has two kinds of nodes: One participates in the network by making claims (this is known as a wallet); the other is called a full node and participates in the network by collaborating to verify claims.

A wallet node submits transactions to the database. If the network of collaborating full nodes determines it’s valid, that transaction becomes part of the shared truth of the datastore. Wallet nodes can then make a claim about the transaction. The most fundamental claim is the ownership of a given piece of data.

This is all achievable because a wallet is fundamentally a private key (in the cryptographic sense), and every transaction a wallet performs is signed with its key. The key, therefore, is the mathematical proof that the actor who made the claims before is the same actor making claims now.

Wallet as identity

We can see, then, that the notion of a blockchain wallet is a kind of identity. This identity can be used for authentication. There is nothing mysterious or surprising about that in the sense that private keys are already widely used in conventional security for establishing secure communication between parties.

In another sense, though, it is rather revolutionary. As Auth0 labs notes, “The most significant byproduct of blockchain adoption is the organic distribution of private keys to end-users, i.e. wallets.” That is to say, internet users have undergone a massive adoption of public-key cryptography via their personal cryptocurrency wallets.

By understanding the nature of their wallet, its use, and security implications, a new kind of user is introduced. As this new kind of user becomes more common, a potential sea change may occur to authorization.

In short, the convergence of the security of private keys and the convenience of blockchain wallets is a potential disruptor to authentication. I’ll emphasize potential as this is still quite speculative and there is a lot to be sorted out from the technical and infrastructure standpoints. In addition, it’s worth noting that wallets are not very user friendly for non-technical folks. The potential to lose your ID—really and truly lose with no possible recovery, ever—exists.
So, the emergence of the new kind of user described above is far from a foregone conclusion.

Nevertheless, using wallets for authentication is happening now in Auth0 (via SIWE, Sign-In with Ethereum) and other providers. Basically, the barriers to using wallets in off-chain auth are being drastically lowered.

When you consider that popular wallets like Coinbase have associated with them rigorous KYC (know your customer), a picture starts to form of a single, technologically secure ID that is well integrated with traditional identification.

In this sense, wallets could possibly become an official digital ID, something like the digital equivalent of a social security number. This last speculation is a long way off, given that it implies the interaction of not only technical, but governmental actors.

Introducing DID (decentralized ID)

The name given to this overarching idea is decentralized ID, or DID. In general, we are talking about folding together the universe of other identification data points into a single number. It's an idea that has not gone unnoticed by even large players like Microsoft.

This holds out the possibility of preserving anonymity and control for the user. That’s because, in theory, the relationship between the wallet and the blockchain creates a layer of abstraction between the user and the database. In practice, this is more a pseudo-anonymity—the user still is a human being sitting at a device that is physically connected to the internet. Put another way, the ability to associate a user to a wallet—one way or another—diminishes anonymity.

The user (wallet holder) can be said to remain in control because the information is stored in a decentralized way and the user can decide if and when to use or share the data.

Zero knowledge proofs

A related idea is that of zero knowledge proofs. Here the idea is that something is proven as true, while the rest of the context remains private. This is feasible again because of the magic of public-key cryptography. Once a fact is established as valid through some mechanism and is committed to the blockchain, thereafter, the owning wallet can make the claim without any other revelations. We could establish our right to operate a motor vehicle, for example, without exposing our driver’s license and the other information it contains.

So, the possibility exists for users to control their information and share only what they want with a high degree of granularity.

These ideas have become mainstream enough that the W3C consortium has undertaken to formalize them into a standard, called verifiable credentials (VC). The effort there is to codify modern DID into a standardized format that incorporates privacy protections.

Token gating and authorization

The other reason broad wallet adoption may represent a game changer for IAM is the nature of higher order blockchains like Ethereum. Web3 identity has the ability not just to authenticate to conventional applications but participate in other on-chain activities that also have IAM implications.

An important concept that is gaining traction is token gating. Token gating in a sense builds upon NFTs, but goes a step further by adding access control. Token gating can be seen as a kind of Web3 authorization, and therein lies its relevance to our current IAM discussion. Token gating is seen by proponents as introducing a new kind of economy by commoditizing digital content.

This means that content creators and users can participate in an economy that is built on the notion that owning an NFT grants access to the content. This granting of access can be seen as a novel kind of authorization based on DID authentication, which may find use cases outside of digital content.

This idea could be applied to accessing assets as we currently use solutions like access control lists in databases, making for a more universal authorization system. United with something like verifiable credentials, you can begin to see the potential of a more standardized and universal IAM mechanism—one whose benefits may cause it to gradually supplant existing approaches.
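
The wallet login and token gate described above, sketched with Node's built-in `crypto` module as an added example (not code from Auth0, SIWE, or any project named in the article). Assumptions: the challenge text is a simplified format rather than the SIWE wire format, the "address" is a SHA-256 fingerprint of the public key, and `DOMAIN`, `tokenOwners`, and all function names are hypothetical.

```javascript
const crypto = require('crypto');

const DOMAIN = 'app.example';   // hypothetical relying-party domain
const nonces = new Map();       // nonce -> expiry time in ms (server-side state)
const tokenOwners = new Map();  // tokenId -> address (constructed stand-in for on-chain ownership)

// Assumption: the "address" is a SHA-256 fingerprint of the public key.
// Real Ethereum addresses use Keccak-256 and signature recovery instead.
function addressOf(publicKey) {
  const der = publicKey.export({ type: 'spki', format: 'der' });
  return crypto.createHash('sha256').update(der).digest('hex').slice(0, 40);
}

function createWallet() {
  const pair = crypto.generateKeyPairSync('ec', { namedCurve: 'secp256k1' });
  return { ...pair, address: addressOf(pair.publicKey) };
}

// Server: issue a one-time challenge bound to this domain and the claimed address.
function issueChallenge(address, now = Date.now()) {
  const nonce = crypto.randomBytes(16).toString('hex');
  nonces.set(nonce, now + 5 * 60 * 1000);
  return `${DOMAIN} wants you to sign in with wallet ${address}\nNonce: ${nonce}`;
}

// Wallet: sign the exact challenge text with the private key.
function signChallenge(wallet, message) {
  return crypto.sign('sha256', Buffer.from(message), wallet.privateKey);
}

// Server: return the authenticated address, or null if any check fails.
function verifyLogin(message, signature, publicKey, now = Date.now()) {
  const m = /^(\S+) wants you to sign in with wallet ([0-9a-f]{40})\nNonce: ([0-9a-f]{32})$/.exec(message);
  if (!m || m[1] !== DOMAIN) return null;                 // malformed, or signed for another site
  const [, , address, nonce] = m;
  const expiry = nonces.get(nonce);
  nonces.delete(nonce);                                   // single use, even if a later check fails
  if (expiry === undefined || expiry < now) return null;  // unknown, replayed or expired nonce
  if (addressOf(publicKey) !== address) return null;      // key does not belong to the claimed wallet
  return crypto.verify('sha256', Buffer.from(message), publicKey, signature) ? address : null;
}

// Token gate: authorization is "the authenticated wallet owns this token".
function canAccess(address, tokenId) {
  return address !== null && tokenOwners.get(tokenId) === address;
}
```

The gate should only ever be given the address returned by `verifyLogin`, never one supplied directly by the client, so that the ownership lookup rests on the signature check.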